CVE-2021-47273

MEDIUM

Linux Kernel 5.8-5.10.43 5.12.0-5.12.10 - NULL Pointer Dereference in dwc3_meson_g12a_usb2_init_phy

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled When only PHY1 is used (for example on Odroid-HC4), the regmap init code uses the usb2 ports when doesn't initialize the PHY1 regmap entry. This fixes: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... pc : regmap_update_bits_base+0x40/0xa0 lr : dwc3_meson_g12a_usb2_init_phy+0x4c/0xf8 ... Call trace: regmap_update_bits_base+0x40/0xa0 dwc3_meson_g12a_usb2_init_phy+0x4c/0xf8 dwc3_meson_g12a_usb2_init+0x7c/0xc8 dwc3_meson_g12a_usb_init+0x28/0x48 dwc3_meson_g12a_probe+0x298/0x540 platform_probe+0x70/0xe0 really_probe+0xf0/0x4d8 driver_probe_device+0xfc/0x168 ...

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/750a0d75564293be3ed50f13ef7f38ab75106421

Patch

https://git.kernel.org/stable/c/d8dd3754e707104a34f8ec595034d503ea8871a2

Patch

https://git.kernel.org/stable/c/4d2aa178d2ad2fb156711113790dde13e9aa2376

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 12.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (10)

Linux/Linux < 5.8

Linux/Linux 013af227f58a97ffc61b99301f8f4448dc7e7f55 - 4d2aa178d2ad2fb156711113790dde13e9aa2376

Linux/Linux 013af227f58a97ffc61b99301f8f4448dc7e7f55 - 750a0d75564293be3ed50f13ef7f38ab75106421

Linux/Linux 013af227f58a97ffc61b99301f8f4448dc7e7f55 - d8dd3754e707104a34f8ec595034d503ea8871a2

Linux/Linux 5.10.44 - 5.10.*

Linux/Linux 5.12.11 - 5.12.*

Linux/Linux 5.13

Linux/Linux 5.8

linux/linux_kernel 5.13 rc1 (5 CPE variants)

linux/linux_kernel 5.8 - 5.10.44

Published May 21, 2024

Tracked Since Feb 18, 2026